[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 19 21:19:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cce09b73 by Salvatore Bonaccorso at 2021-07-19T22:19:06+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,11 +11,11 @@ CVE-2021-36801
 CVE-2021-36800
 	RESERVED
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a salt value  ...)
-	TODO: check
+	NOT-FOR-US: KNX ETS5
 CVE-2021-36798
 	RESERVED
 CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
-	TODO: check
+	NOT-FOR-US: Victron Energy Venus OS
 CVE-2021-36796
 	RESERVED
 CVE-2021-36795
@@ -1918,17 +1918,17 @@ CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discove
 CVE-2021-35969
 	RESERVED
 CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
-	TODO: check
+	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
 	NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
 CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system  ...)
@@ -3045,7 +3045,7 @@ CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unau
 CVE-2021-35450
 	RESERVED
 CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
 	NOT-FOR-US: Emote Interactive Remote Mouse on Windows
 CVE-2021-35447
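Review bot: The new label on CVE-2021-35449 names only the vendor ("NOT-FOR-US: Lexmark"), while most labels added in this commit name the product. The description starts with the Lexmark Universal Print Driver and goes on to at least one more driver before it is cut off, so if vendor-only is deliberate that is fine; otherwise something like "NOT-FOR-US: Lexmark printer drivers" would be easier to find by product string later.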
@@ -3914,7 +3914,7 @@ CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, a
 CVE-2021-35044
 	RESERVED
 CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using  ...)
-	TODO: check
+	NOT-FOR-US: OWASP AntiSamy
 CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
 	- python-django <not-affected> (Vulnerable code introduced in 3.1)
 	NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
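Review bot: The NOT-FOR-US on CVE-2021-35043 deserves a second check before it sticks. OWASP AntiSamy is an open-source Java library, not a vendor product like the other entries in this commit, so it can reach the archive as a dependency or an embedded copy inside another source package. If a search of the archive for the library turns up nothing, the entry is right as written; if a packaging request exists, the entry should point at that instead.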
@@ -4386,9 +4386,9 @@ CVE-2021-34823
 CVE-2021-34822
 	RESERVED
 CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
-	TODO: check
+	NOT-FOR-US: AAT Novus Management System
 CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP  ...)
-	TODO: check
+	NOT-FOR-US: Novus HTTP Server
 CVE-2021-34819
 	RESERVED
 CVE-2021-34818
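Review bot: CVE-2021-34821 and CVE-2021-34820 get differently shaped labels, "AAT Novus Management System" with a vendor prefix and "Novus HTTP Server" without one, although both descriptions refer to Novus software. If both belong to the same vendor, putting the same prefix on both lines keeps them grouped when someone searches the list by vendor.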
@@ -4730,9 +4730,9 @@ CVE-2021-34678
 CVE-2021-34677
 	RESERVED
 CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...)
-	TODO: check
+	NOT-FOR-US: Basix NEX-Forms
 CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored  ...)
-	TODO: check
+	NOT-FOR-US: Basix NEX-Forms
 CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in  ...)
 	{DLA-2701-1}
 	- openexr <unfixed> (bug #990450)
@@ -29459,7 +29459,7 @@ CVE-2021-24484
 CVE-2021-24483
 	RESERVED
 CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24481
 	RESERVED
 CVE-2021-24480
@@ -29517,9 +29517,9 @@ CVE-2021-24455
 CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created  ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24450
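Review bot: Capitalisation is inconsistent inside this hunk: the added lines for CVE-2021-24453 and CVE-2021-24452 say "NOT-FOR-US: WordPress plugin", while the unchanged neighbours CVE-2021-24454 and CVE-2021-24451 say "NOT-FOR-US: Wordpress plugin". A case-sensitive search for either spelling misses the other half, so settle on one form, either here or in a follow-up that normalises the existing lines.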
@@ -29529,7 +29529,7 @@ CVE-2021-24449
 CVE-2021-24448
 	RESERVED
 CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24446
 	RESERVED
 CVE-2021-24445
@@ -29551,7 +29551,7 @@ CVE-2021-24438
 CVE-2021-24437
 	RESERVED
 CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24435
 	RESERVED
 CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
@@ -68999,9 +68999,9 @@ CVE-2020-20251
 CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
 	NOT-FOR-US: Mikrotik
 CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption  ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
 	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
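Review bot: The same product now carries two labels within a few lines: CVE-2020-20249 and CVE-2020-20248 are added as "NOT-FOR-US: Mikrotik RouterOs", but CVE-2020-20250 directly above is "NOT-FOR-US: Mikrotik", and its description is also about Mikrotik RouterOs. The new form matches CVE-2020-20247, so the added lines are fine; the older "Mikrotik" lines are the ones to align in a follow-up.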
@@ -69037,7 +69037,7 @@ CVE-2020-20232
 CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory  ...)
 	NOT-FOR-US: Mikrotik
 CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20229
 	RESERVED
 CVE-2020-20228



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce09b7310ce9daa4f88c2968351b7af6f81bb85
